Attribute-Based Encryption. Allison Lewko, Microsoft Research
|
|
- Ami Casey
- 6 years ago
- Views:
Transcription
1 Attribute-Based Encryption Allison Lewko, Microsoft Research
2 The Cast of Characters This talk will feature work by: Brent Waters Amit Sahai Vipul Goyal Omkant Pandey With special guest appearances by: Melissa Chase, Dan Boneh, Matt Franklin, Ran Canetti, Shai Halevi, Jon Katz, Xavier Boyen, Sanjam Garg, Craig Gentry, Tatsuaki Okamoto Katsuyuki Takashima
3 Motivation Who should access this data?
4 ABE [SW05, GPSW06] Describe authorized users with attributes : AND OR certified doctor EMT
5 Key-Policy ABE Specification = security parameter U = attribute universe Setup(, U): generate public parameters PP and master key MSK KeyGen(Policy, MSK): generate a user key for a given policy Encrypt(PP, M, S µ U): encrypt message M under attribute set S Decrypt(CT, SK): decrypt ciphertext using a key
6 Security Threat: Collusion Example: encrypt a job posting: AND Masters Degree > 2 years experience Security Threat:
7 Key-Policy ABE Security Definition IND-CPA game: PP, MSK Challenger PP Policy f SK f M 0, M 1, S Encrypt(PP, M b, S) Repeat b? Attacker b Policy f SK f Repeat
8 Construction Tools Linear Secret Sharing: OR secret AND z -z OR v A z z -z -z AND C B D z-v B Only authorized set of shares allows reconstruction of
9 Construction Tools Independent randomness
10 Basic KP-ABE Construction [GPSW06]
11 Stepping through Decryption divide
12 High Level View of Scheme AND blinding factor A OR B C Chain Reaction C in CT A in CT
13 Main Features of the Construction Conceptual Checklist: 1. How are we encoding the access formula? with a linear secret sharing scheme 2. How are we tying shares to attributes? multiplying by the H i elements raised to random exponents 3. How are we enforcing presence of attributes in the ciphertext? the need to cancel the H i contributions 4. How are we preventing collusion? injecting personalized randomness during sharing
14 Proof Challenges Hard Problem Simulator Attacker Simulator must balance two competing goals: answer attacker queries leverage attacker success
15 Partitioning Proofs [BF01,CHK03,BB04, ] Space of formulas for keys: = key simulator can make = key simulator can t make
16 Problem: Why Should the Attacker Two Approaches: Respect the Partition? 1. Make Attacker Commit (weaker) selective security Too costly for ABE 2. Guess and quit when wrong HA!
17 Proof of Selective Security [GPSW06] Simulator Attacker
18 How the Simulator Should Work?
19 Simulating Keys
20 Strategic Sharing z OR AND z OR Shares for challenge attributes known to simulator z A z AND B C z z z B D Challenge set
21 Cancelations
22 Straightline Simulation Recap
23 Why did we need selective security?
24 Looking Ahead What we ve shown: Selectively secure Key-Policy ABE for formulas What else might we want? Full security Ciphertext-Policy ABE for formulas ABE for circuits Hiding policies Decentralized authorities
25 Ciphertext-Policy ABE Specification = security parameter U = attribute universe Setup(, U): generate public parameters PP and master key MSK KeyGen(S µ U, MSK): generate a user key for an attribute set S Encrypt(PP, M, Policy): encrypt message M under the given policy Decrypt(CT, SK): decrypt ciphertext using a key
26 Constructing CP-ABE for formulas Intuition: switch SK and CT from KP-ABE construction Before:
27 Adding a Layer of Indirection
28 Proving Selective Security? Selective security for KP-ABE: Set S Size(PP) > size(s) PP encodes S Simulator PP Selective security for CP-ABE: formula f PP How can PP encode f?
29 One Approach [e.g. G06, W11] To fit a big formula into small PP: Use a big assumption!
30 Moving Beyond Selective Security Dual System Encryption [W09,LW10] Main goal: Simulator prepared to make any key, use any ciphertext How can this be possible? Consider joint distribution of key and ciphertext Maybe simulator can sample from alternate distribution and fool attacker on subset of allowable pairs
31 Dual System Encryption 2 distributions of keys, 2 distributions of ciphertexts: Used in real system Normal Semi-Functional Normal Semi-Functional (with high probability)
32 Overview of a Dual System Encryption Proof Real Hybrid Security Argument: Game: Hardest step! Not Compatible! Incompatiblity of key/ct Decryption failure M b High probability decryption failure Message independent CT Regardless of Compability!
33 The Critical Step Instance T? Hard Problem Simulator Attacker? Simulator cannot know nature of key!
34 Nominal Semi-Functionality [LW10]? Correlation! Decryption always succeeds Simulator
35 How is Correlation Hidden? Public Parameters PP V PP - random variable Internal View V - has some entropy Simulator Attacker
36 Conceptualizing Semi-functional Space Decompose: Semi-functional Space Semi-functional component S.F. components mirror the structure of normal components, but have their own S.F. params Normal Component Separated from PP Public Parameters Normal Space
37 Convenient Setting: Composite Order Bilinear Groups
38 Computational Assumptions Example: Subgroup Decision Problems
39 KP-ABE Construction: Dual System Version (*Slightly simplified) Shares of random
40 Decrypting S.F. Ciphertext with S.F. Key
41 Executing the Dual System Proof
42 Executing the Dual System Proof
43 The Bait and Switch But Wait!!! We were supposed to be sharing something random in S.F. space, not 0!
44 Finishing the Dual System Proof
45 Many Keys and Reusing Parameters How do we make sure the shared value in the S.F. space is hidden? We rely on attributes not appearing in the CT We use the third subgroup for a hybrid over keys (skipping details) We impose limit on reuses of attributes per key
46 Summary of Dual System Proof Semi-functional space shadows normal space Entropy from unpublished S.F. parameters can hide correlation Subgroup decision assumptions can move objects in and out of S.F. space
47 Dual System in Prime Order Groups [e.g. OT10, L12, LW12]
48 Other Improvements and Extensions Multiple authorities [C07, LW11a, OT12a] Enables decentralizing functionality and trust Large universe constructions [GPSW06, LW11b,OT12b] Attribute universe size is exponential Full security without restricting reuse of parameters [LW12] New understanding of relationship between selective security techniques and dual system
49 Alternate View of Dual System Encryption [LW12] Viewing the security game in S.F. space: PP in S.F. Space Public Params Policy f Simulator gets some info before setting params: opportunity to adapt prior selective techniques! Repeat Challenger M 0, M 1, attributes Enc(M b, PP, attributes) Policy f Repeat Attacker
50 Breaking News Updates Brought to you by lattice-based cryptographers:
51 ABE for Circuits from Multi-Linear Maps [SW12]
Fully Secure Anonymous HIBE with Short Ciphertexts
Fully Secure Anonymous HIBE with Short Ciphertexts Angelo De Caro Vincenzo Iovino Giuseppe Persiano Dipartimento di Informatica ed Applicazioni, Università di Salerno, 84084 Fisciano (SA), Italy. {decaro,iovino,giuper}@dia.unisa.it
More informationNotes for Lecture 14
COS 533: Advanced Cryptography Lecture 14 (November 6, 2017) Lecturer: Mark Zhandry Princeton University Scribe: Fermi Ma Notes for Lecture 14 1 Applications of Pairings 1.1 Recap Consider a bilinear e
More informationAttribute-based encryption with encryption and decryption outsourcing
Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2014 Attribute-based encryption with encryption and decryption outsourcing
More informationA Punctured Programming Approach to Adaptively Secure Functional Encryption
A Punctured Programming Approach to Adaptively Secure Functional Encryption Brent Waters University of Texas at Austin bwaters@cs.utexas.edu Abstract We propose the first construction for achieving adaptively
More informationKeywords: Multi-authority attribute based encryption, key policy, ciphertext policy, central authority free
Computing and Informatics, Vol. 35, 2016, 128 142 SIMPLE MULTI-AUTHORITY ATTRIBUTE-BASED ENCRYPTION FOR SHORT MESSAGES Viktória I. Villányi Department of Operations Research ELTECRYPT Research Group Eötvös
More informationUnbounded Inner Product Functional Encryption from Bilinear Maps ASIACRYPT 2018
Unbounded Inner Product Functional Encryption from Bilinear Maps ASIACRYPT 2018 Junichi Tomida (NTT), Katsuyuki Takashima (Mitsubishi Electric) Functional Encryption[OʼNeill10, BSW11] msk Bob f(x) sk f
More informationImplementing Fully Key-Homomorphic Encryption in Haskell. Maurice Shih CS 240h
Implementing Fully Key-Homomorphic Encryption in Haskell Maurice Shih CS 240h Abstract Lattice based encryption schemes have many desirable properties. These include uantum and classic computer attack
More informationKey-policy Attribute-based Encryption for Boolean Circuits from Bilinear Maps
Key-policy Attribute-based Encryption for Boolean Circuits from Bilinear Maps Ferucio Laurenţiu Ţiplea and Constantin Cătălin Drăgan Department of Computer Science Al.I.Cuza University of Iaşi Iaşi 700506,
More informationA compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems.
A compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems. G Swetha M.Tech Student Dr.N.Chandra Sekhar Reddy Professor & HoD U V N Rajesh Assistant Professor Abstract Cryptography
More informationFine-Grained Data Sharing Supporting Attribute Extension in Cloud Computing
wwwijcsiorg 10 Fine-Grained Data Sharing Supporting Attribute Extension in Cloud Computing Yinghui Zhang 12 1 National Engineering Laboratory for Wireless Security Xi'an University of Posts and Telecommunications
More informationTools for Computing on Encrypted Data
Tools for Computing on Encrypted Data Scribe: Pratyush Mishra September 29, 2015 1 Introduction Usually when analyzing computation of encrypted data, we would like to have three properties: 1. Security:
More informationSemi-Adaptive Security and Bundling Functionalities Made Generic and Easy
Semi-Adaptive Security and Bundling Functionalities Made Generic and Easy Rishab Goyal rgoyal@cs.utexas.edu Venkata Koppula kvenkata@cs.utexas.edu Brent Waters bwaters@cs.utexas.edu Abstract Semi-adaptive
More informationA Key-Policy Attribute-based Encryption Scheme for General Circuit from Bilinear Maps
International Journal of Network Security, Vol.19, No.5, PP.704-710, Sept. 2017 (DOI: 10.6633/IJNS.201709.19(5).07) 704 A Key-Policy Attribute-based Encryption Scheme for General Circuit from Bilinear
More informationDECENTRALIZED ATTRIBUTE-BASED ENCRYPTION AND DATA SHARING SCHEME IN CLOUD STORAGE
DECENTRALIZED ATTRIBUTE-BASED ENCRYPTION AND DATA SHARING SCHEME IN CLOUD STORAGE ABSTRACT We propose a Multi-Authority Attribute-Based Encryption (ABE) system. In our system, any party can become an authority
More informationBetter 2-round adaptive MPC
Better 2-round adaptive MPC Ran Canetti, Oxana Poburinnaya TAU and BU BU Adaptive Security of MPC Adaptive corruptions: adversary adversary can decide can decide who to who corrupt to corrupt adaptively
More informationSecurity of Identity Based Encryption - A Different Perspective
Security of Identity Based Encryption - A Different Perspective Priyanka Bose and Dipanjan Das priyanka@cs.ucsb.edu,dipanjan@cs.ucsb.edu Department of Computer Science University of California Santa Barbara
More informationSpace-Efficient Identity-Based Encryption: Spelling out the Approach by Boneh-Gentry-Hamburg
Anais do IX Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais 279 Space-Efficient Identity-Based Encryption: Spelling out the Approach by Boneh-Gentry-Hamburg Patrícia Lustosa
More informationCollusion-Resistant Group Key Management Using Attributebased
Collusion-Resistant Group Key Management Using Attributebased Encryption Presented by: Anurodh Joshi Overview of the Paper Presents a ciphertext-policy attribute-based encryption (CP-ABE) scheme to solve
More informationDynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption
Dynamic Credentials and Ciphertext Delegation for Attribute-Based Encryption Amit Sahai 1, Hakan Seyalioglu 2, and Brent Waters 3 1 Department of Computer Science, UCLA 2 Department of Mathematics, UCLA
More informationAn Efficient Certificateless Proxy Re-Encryption Scheme without Pairing
An Efficient Certificateless Proxy Re-Encryption Scheme without Pairing Presented By: Arinjita Paul Authors: S. Sharmila Deva Selvi, Arinjita Paul, C. Pandu Rangan TCS Lab, Department of CSE, IIT Madras.
More informationDAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems
1790 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 8, NO. 11, NOVEMBER 2013 DAC-MACS: Effective Data Access Control for Multiauthority Cloud Storage Systems Kan Yang, Associate Member,
More informationIND-CCA2 secure cryptosystems, Dan Bogdanov
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov University of Tartu db@ut.ee 1 Overview Notion of indistinguishability The Cramer-Shoup cryptosystem Newer results
More informationFunctional Encryption and its Impact on Cryptography
Functional Encryption and its Impact on Cryptography Hoeteck Wee ENS, Paris, France Abstract. Functional encryption is a novel paradigm for public-key encryption that enables both fine-grained access control
More informationIntroduction to Security Reduction
springer.com Computer Science : Data Structures, Cryptology and Information Theory Springer 1st edition Printed book Hardcover Printed book Hardcover ISBN 978-3-319-93048-0 Ca. $ 109,00 Planned Discount
More informationSecure Data Sharing in Cloud Computing: Challenges and Research Directions
Cyber Summer School Melbourne, 12-13 Feb 2018 Secure Data Sharing in Cloud Computing: Challenges and Research Directions Willy Susilo Institute of Cybersecurity and Cryptology School of Computing and Information
More informationAttribute-Based Fully Homomorphic Encryption with a Bounded Number of Inputs
Attribute-Based Fully Homomorphic Encryption with a Bounded Number of Inputs Michael Clear and Ciarán McGoldrick School of Computer Science and Statistics, Trinity College Dublin {clearm, Ciaran.McGoldrick}@scss.tcd.ie
More informationLecture 15: Public Key Encryption: I
CSE 594 : Modern Cryptography 03/28/2017 Lecture 15: Public Key Encryption: I Instructor: Omkant Pandey Scribe: Arun Ramachandran, Parkavi Sundaresan 1 Setting In Public-key Encryption (PKE), key used
More informationOn the Security of a Certificateless Public-Key Encryption
On the Security of a Certificateless Public-Key Encryption Zhenfeng Zhang, Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080,
More informationA New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE
A New Hierarchical ID-Based Cryptosystem and CCA-Secure PKE Jin Li 1, Fangguo Zhang 2,3, and Yanming Wang 1,4 1 School of Mathematics and Computational Science, Sun Yat-sen University, Guangzhou, 510275,
More informationMulti-authority attribute based encryption with honest-but-curious central authority
Proceedings of the 10th International Conference on Computational and Mathematical Methods in Science and Engineering, CMMSE 2010 27 30 June 2010. Multi-authority attribute based encryption with honest-but-curious
More informationSTRONGER SECURITY NOTIONS FOR DECENTRALIZED TRACEABLE ATTRIBUTE-BASED SIGNATURES AND MORE EFFICIENT CONSTRUCTIONS
STRONGER SECURITY NOTIONS FOR DECENTRALIZED TRACEABLE ATTRIBUTE-BASED SIGNATURES AND MORE EFFICIENT CONSTRUCTIONS Essam Ghadafi University College London e.ghadafi@ucl.ac.uk CT-RSA 2015 STRONGER SECURITY
More informationThe Relation and Transformation between Hierarchical Inner Product Encryption and Spatial Encryption
The Relation and Transformation between Hierarchical Inner Product Encryption and Spatial Encryption Jie Chen, Hoon Wei Lim, San Ling, and Huaxiong Wang Nanyang Technological University, Singapore s080001@e.ntu.edu.sg
More informationRelations between Semantic Security and Anonymity in Identity Based Encryption
Relations between Semantic Security and Anonymity in Identity Based Encryption Javier Herranz 1, Fabien Laguillaumie 2, and Carla Ràfols 1 1 Dept. Matemàtica Aplicada IV, Universitat Politècnica de Catalunya,
More informationInter-domain Identity-based Proxy Re-encryption
Inter-domain Identity-based Proxy Re-encryption Qiang Tang, Pieter Hartel, Willem Jonker Faculty of EWI, University of Twente, the Netherlands {q.tang, pieter.hartel, jonker}@utwente.nl August 19, 2008
More informationEfficient Round Optimal Blind Signatures
Efficient Round Optimal Blind Signatures Sanjam Garg IBM T.J. Watson Divya Gupta UCLA Complexity Leveraging Highly theoretical tool Used to obtain feasibility results Gives inefficient constructions Is
More informationApplication to More Efficient Obfuscation
Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation (io)
More informationA Procedural Based Encryption Technique for Accessing Data on Cloud
A Procedural Based Encryption Technique for Accessing Data on Cloud Avinash N 1, Divya C 2 P.G. Student, Department of Computer Science and Engineering, SVIT, Bangalore, Karnataka, India 1 Assistant Professor,
More informationThe Relation and Transformation between Hierarchical Inner Product Encryption and Spatial Encryption
Noname manuscript No. (will be inserted by the editor) The Relation and Transformation between Hierarchical Inner Product Encryption and Spatial Encryption Jie Chen Hoon Wei Lim San Ling Huaxiong Wang
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationHomomorphic encryption (whiteboard)
Crypto Tutorial Homomorphic encryption Proofs of retrievability/possession Attribute based encryption Hidden vector encryption, predicate encryption Identity based encryption Zero knowledge proofs, proofs
More informationSomewhat Homomorphic Encryption
Somewhat Homomorphic Encryption Craig Gentry and Shai Halevi June 3, 2014 China Summer School on Lattices and Cryptography Part 1: Homomorphic Encryption: Background, Applications, Limitations Computing
More informationMatrix Access structure Policy used in Attribute-Based Proxy Re-encryption
Matrix Access structure Policy used in Attribute-Based Proxy Re-encryption Keying Li Faculty of science, Xidian University, Xi'an 710071, China Abstract Proxy re-encryption (PRE) allows a semi-trusted
More informationBounded Ciphertext Policy Attribute Based Encryption
Bounded Ciphertext Policy Attribute Based Encryption Vipul Goyal, Abhishek Jain, Omkant Pandey, and Amit Sahai Department of Computer Science, UCLA {vipul,abhishek,omkant,sahai}@cs.ucla.edu Abstract. In
More informationOnline/Offline Attribute-Based Encryption
Online/Offline Attribute-Based Encryption Susan Hohenberger 1 and Brent Waters 2 Johns Hopkins University and University of Texas at Austin Abstract. Attribute-based encryption (ABE) is a type of public
More informationAchieving Leakage Resilience through Dual System Encryption
Achieving Leakage Resilience through Dual System Encryption Allison Lewko, Yannis Rouselakis, and Brent Waters The University of Texas at Austin {alewko,jrous,bwaters}@cs.utexas.edu Abstract. In this work,
More informationAn Efficient Verifiable Multi-Authority Secret Access control scheme in Cloud Storage M.Sreelakshmi & P.Gangadhara
An Efficient Verifiable Multi-Authority Secret Access control scheme in Cloud Storage M.Sreelakshmi & P.Gangadhara 1 M.Tech, Dept of CSE,Shri Shirdi Sai Institute of Science and Engineering, Affiliated
More informationFunctional Encryption: Deterministic to Randomized Functions from Simple Assumptions. Shashank Agrawal and David J. Wu
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal and David J. Wu Public-Key Functional Encryption [BSW11, O N10] x f(x) Keys are associated with deterministic
More informationCSC 5930/9010 Modern Cryptography: Public Key Cryptography
CSC 5930/9010 Modern Cryptography: Public Key Cryptography Professor Henry Carter Fall 2018 Recap Number theory provides useful tools for manipulating integers and primes modulo a large value Abstract
More informationNotes for Lecture 5. 2 Non-interactive vs. Interactive Key Exchange
COS 597C: Recent Developments in Program Obfuscation Lecture 5 (9/29/16) Lecturer: Mark Zhandry Princeton University Scribe: Fermi Ma Notes for Lecture 5 1 Last Time Last time, we saw that we can get public
More informationCRYPTOGRAPHY AGAINST CONTINUOUS MEMORY ATTACKS
CRYPTOGRAPHY AGAINST CONTINUOUS MEMORY ATTACKS Yevgeniy Dodis, Kristiyan Haralambiev, Adriana Lopez-Alt and Daniel Wichs NYU NY Area Crypto Reading Group Continuous Leakage Resilience (CLR): A Brief History
More informationPredicate Encryption for Circuits from LWE
Predicate Encryption for Circuits from LWE Sergey Gorbunov 1, Vinod Vaikuntanathan 1, and Hoeteck Wee 2 1 MIT 2 ENS Abstract. In predicate encryption, a ciphertext is associated with descriptive attribute
More informationImprovement of Camenisch-Neven-Shelat Oblivious Transfer Scheme
Improvement of Camenisch-Neven-Shelat Oblivious Transfer Scheme Zhengjun Cao and Hanyue Cao Department of Mathematics, Shanghai University, Shanghai, China caozhj@shu.edu.cn Abstract. In 2007, Camenisch,
More informationThreshold Cryptosystems from Threshold Fully Homomorphic Encryption
Threshold Cryptosystems from Threshold Fully Homomorphic Encryption Sam Kim Stanford University Joint work with Dan Boneh, Rosario Gennaro, Steven Goldfeder, Aayush Jain, Peter M. R. Rasmussen, and Amit
More informationEfficient Multi-receiver identity-based encryption and its application to broadcast encryption
University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2005 Efficient Multi-receiver identity-based encryption and its application
More informationBounded-Collusion IBE from Key Homomorphism
Bounded-Collusion IBE from Key Homomorphism Shafi Goldwasser 1, Allison Lewko 2, and David A. Wilson 3 1 MIT CSAIL and Weizmann Institute shafi@csail.mit.edu 2 UT Austin alewko@cs.utexas.edu 3 MIT CSAIL
More informationISA 562: Information Security, Theory and Practice. Lecture 1
ISA 562: Information Security, Theory and Practice Lecture 1 1 Encryption schemes 1.1 The semantics of an encryption scheme. A symmetric key encryption scheme allows two parties that share a secret key
More informationPROGRAM obfuscation is the process of making it unintelligible
INTL JOURNAL OF ELECTRONICS AND TELECOMMUNICATIONS, 2018, VOL. 64, NO. 2, PP. 173 178 Manuscript received January 24, 2018; revised March, 2018. DOI: 10.24425/119366 Block Cipher Based Public Key Encryption
More informationMTAT Research Seminar in Cryptography IND-CCA2 secure cryptosystems
MTAT.07.006 Research Seminar in Cryptography IND-CCA2 secure cryptosystems Dan Bogdanov October 31, 2005 Abstract Standard security assumptions (IND-CPA, IND- CCA) are explained. A number of cryptosystems
More informationSecurity Weaknesses of an Anonymous Attribute Based Encryption appeared in ASIACCS 13
Security Weaknesses of an Anonymous Attribute Based Encryption appeared in ASIACCS 13 Payal Chaudhari, Manik Lal Das, Anish Mathuria DA-IICT, Gandhinagar, India {payal chaudhari, maniklal das, anish mathuria}@daiict.ac.in
More informationCryptography [Symmetric Encryption]
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin,
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationAttribute Based Encryption for Multiples Authorities Using Shamir's Secret Sharing Algorithm
International Journal of Computer Science and Software Engineering Volume 1, Number 1 (2015), pp. 1-8 International Research Publication House http://www.irphouse.com Attribute Based Encryption for Multiples
More informationDefinitions and Notations
Chapter 2 Definitions and Notations In this chapter, we present definitions and notation. We start with the definition of public key encryption schemes and their security models. This forms the basis of
More informationRelaxing IND-CCA: Indistinguishability Against Chosen. Chosen Ciphertext Verification Attack
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Indian Statistical Institute Kolkata January 14, 2012 Outline 1 Definitions Encryption Scheme IND-CPA IND-CCA IND-CCVA
More informationBlock ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways of doing this
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2015. Slide: 74 Block ciphers used to encode messages longer than block size Needs to be done correctly to preserve security Will look at five ways
More informationCollusion-Resistant Identity-based Proxy Re-encryption
Collusion-Resistant Identity-based Proxy Re-encryption Woo Kwon Koo 1, Jung Yeon Hwang 2, and Dong Hoon Lee 1,* 1 Graduate School of Information Security, Korea University, Seoul, Korea 2 Electronics and
More informationInsecurity of an Dynamic User Revocation and Key Refreshing for Attribute-Based Encryption Scheme
2014 Tenth 10th International Conference on Computational Intelligence and Security Insecurity of an Dynamic User Revocation and Key Refreshing for Attribute-Based Encryption Scheme Changji Wang, Haitao
More informationAttribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption
Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption Rakesh Bobba, Himanshu Khurana and Manoj Prabhakaran University of Illinois, Urbana-Champaign IL USA, {rbobba,hkhurana,mmp}@illinois.edu
More informationMulti-Channel Broadcast Encryption
This extended abstract appeared in Proceedings of the 2013 ACM Symposium on Information, computer and communications security (AsiaCCS âăź13 (May 7 10, 2013, Hangzhou, China, pages??????, ACM Press, New
More informationConstraint hiding constrained PRF for NC1 from LWE. Ran Canetti, Yilei Chen, # Eurocrypt 2017 special edition
Constraint hiding constrained PRF for NC1 from LWE Ran Canetti, Yilei Chen, # Eurocrypt 2017 special edition 1 2 Puncture! 3 4 Puncturable/constrained PRF [Boneh, Waters 13, Kiayias, Papadopoulos, Triandopoulos,
More informationinformation Black Box Traceable Ciphertext Policy Attribute-Based Encryption Scheme Information 2015, 6, ; doi:10.
Information 2015, 6, 481-493; doi:10.3390/info6030481 OPEN ACCESS information ISSN 2078-2489 www.mdpi.com/journal/information Article Black Box Traceable Ciphertext Policy Attribute-Based Encryption Scheme
More informationOn the Security of Group-based Proxy Re-encryption Scheme
On the Security of Group-based Proxy Re-encryption Scheme Purushothama B R 1, B B Amberker Department of Computer Science and Engineering National Institute of Technology Warangal Warangal, Andhra Pradesh-506004,
More informationLecture 14 Alvaro A. Cardenas Kavitha Swaminatha Nicholas Sze. 1 A Note on Adaptively-Secure NIZK. 2 The Random Oracle Model
CMSC 858K Advanced Topics in Cryptography March 11, 2004 Lecturer: Jonathan Katz Lecture 14 Scribe(s): Alvaro A. Cardenas Kavitha Swaminatha Nicholas Sze 1 A Note on Adaptively-Secure NIZK A close look
More informationDECENTRALIZED TRACEABLE ATTRIBUTE-BASED SIGNATURES
DECENTRALIZED TRACEABLE ATTRIBUTE-BASED SIGNATURES Essam Ghadafi 1 Ali El Kaafarani 2 Dalia Khader 3 1 University of Bristol, 2 University of Bath, 3 University of Luxembourg ghadafi@cs.bris.ac.uk CT-RSA
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 El Gamal Encryption RSA Encryption Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationDirect Chosen Ciphertext Security from Identity-Based Techniques
Updated version of a paper published in the proceedings of the 12th ACM Conference on Computer and Communications Security CCS 2005, Alexandria, VA, November 2005. Current version available from the IACR
More informationDAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems
DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems Kan Yang, Xiaohua Jia, Kui Ren Department of Computer Science, City University of Hong Kong, Email: kanyang3@student.cityu.edu.hk
More informationPublic Key Broadcast Encryption
Public Key Broadcast Encryption Leyou Zhang Centre for Computer and Information Security University of Wollongong Australia 1 Nature Science Foundation(NSF) of China: Public key Broadcast Encryption(BE)(Finished,2010-2012)
More informationUpgrading to Functional Encryption
Upgrading to Functional Encryption Saikrishna Badrinarayanan Dakshita Khurana Amit Sahai Brent Waters Abstract The notion of Functional Encryption (FE) has recently emerged as a strong primitive with several
More informationHIGH LEVEL SECURITY IMPLEMENTATION IN DATA SHARING ON SOCIAL WEBSITES
HIGH LEVEL SECURITY IMPLEMENTATION IN DATA SHARING ON SOCIAL WEBSITES P.Senthil Kumar 1 Associate professor, PSNA college of engineering and technology,dindigul,tamilnadu,india Abstract: With the recent
More informationPrivacy, Discovery, and Authentication for the Internet of Things
Privacy, Discovery, and Authentication for the Internet of Things David J. Wu Ankur Taly Asim Shankar Dan Boneh Stanford University Google Google Stanford University The Internet of Things (IoT) Lots of
More informationReducing Trust in the PKG in Identity Based Cryptosystems
Reducing Trust in the PKG in Identity Based Cryptosystems Vipul Goyal Department of Computer Science University of California, Los Angeles vipul@cs.ucla.edu Abstract One day, you suddenly find that a private
More informationExponent Properties: The Product Rule. 2. Exponential expressions multiplied with each other that have the same base.
Exponent Properties: The Product Rule 1. What is the difference between 3x and x 3? Explain in complete sentences and with examples. 2. Exponential expressions multiplied with each other that have the
More informationSecurity Analysis and Modification of ID-Based Encryption with Equality Test from ACISP 2017
Security Analysis and Modification of ID-Based Encryption with Equality Test from ACISP 2017 Hyung Tae Lee 1, Huaxiong Wang 2, Kai Zhang 3, 4 1 Chonbuk National University, Republic of Korea 2 Nanyang
More information1 One-Time Pad. 1.1 One-Time Pad Definition
1 One-Time Pad Secure communication is the act of conveying information from a sender to a receiver, while simultaneously hiding it from everyone else Secure communication is the oldest application of
More informationLeakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter
Leakage-Resilient Chosen-Ciphertext Secure Public-Key Encryption from Hash Proof System and One-Time Lossy Filter Baodong Qin and Shengli Liu Shanghai Jiao Tong University ASIACRYPT 2013 Dec 5, Bangalore,
More informationImproved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption
Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption Dan Boneh 1 and Jonathan Katz 2 1 Computer Science Department, Stanford University, Stanford CA 94305 dabo@cs.stanford.edu
More informationAn Encryption Scheme for a Secure Policy Updating
An Encryption Scheme for a Secure Policy Updating Luan Ibraimi Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, The Netherlands ibraimi@ewi.utwente.nl Muhammad
More informationAttribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption
Attribute-Sets: A Practically Motivated Enhancement to Attribute-Based Encryption Rakesh Bobba, Himanshu Khurana and Manoj Prabhakaran University of Illinois at Urbana-Champaign {rbobba,hkhurana,mmp}@illinois.edu
More informationMediated Ciphertext-Policy Attribute-Based Encryption and its Application
Mediated Ciphertext-Policy Attribute-Based Encryption and its Application Luan Ibraimi 1,2, Milan Petkovic 2, Svetla Nikova 1, Pieter Hartel 1, Willem Jonker 1,2 1 Faculty of EEMCS, University of Twente,
More informationPrivate Database Queries Using Somewhat Homomorphic Encryption. Dan Boneh, Craig Gentry, Shai Halevi, Frank Wang, David J. Wu
Private Database Queries Using Somewhat Homomorphic Encryption Dan Boneh, Craig Gentry, Shai Halevi, Frank Wang, David J. Wu ACNS 2013 Fully Private Conjunctive Database Queries user SELECT * FROM db WHERE
More informationStructure-Preserving Certificateless Encryption and Its Application
SESSION ID: CRYP-T06 Structure-Preserving Certificateless Encryption and Its Application Prof. Sherman S. M. Chow Department of Information Engineering Chinese University of Hong Kong, Hong Kong @ShermanChow
More information1 Achieving IND-CPA security
ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces
More informationMulti-Theorem Preprocessing NIZKs from Lattices
Multi-Theorem Preprocessing NIZKs from Lattices Sam Kim and David J. Wu Stanford University Soundness: x L, P Pr P, V (x) = accept = 0 No prover can convince honest verifier of false statement Proof Systems
More informationAdvanced Topics in Cryptography
Advanced Topics in Cryptography Lecture 9: Identity based encryption (IBE), Cocks scheme. Benny Pinkas page 1 1 Related papers Lecture notes from MIT http://crypto.csail.mit.edu/classes/6.876/lecture-notes.html
More informationCertificateless Onion Routing
Certificateless Onion Routing Dario Catalano Dipartimento di Matematica e Informatica Università di Catania - Italy catalano@dmi.unict.it Dario Fiore Dipartimento di Matematica e Informatica Università
More informationMulti-authority attribute based encryption with honest-but-curious central authority
Multi-authority attribute based encryption with honest-but-curious central authority Vladimir Božović 1, Daniel Socek 2, Rainer Steinwandt 1, and Viktória I. Villányi 1 1 Department of Mathematical Sciences,
More informationINDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator
INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Stamp / Signature of the Invigilator EXAMINATION ( Mid Semester ) SEMESTER ( Spring ) Roll Number Section Name Subject Number C S 6 0 0 8 8 Subject Name Foundations
More informationIdentity-based Encryption with Efficient Revocation
Identity-based Encryption with Efficient Revocation Alexandra Boldyreva School of Computer Science Georgia Institute of Technology Atlanta, GA aboldyre@cc.gatech.edu Vipul Goyal Dept. of Computer Science
More informationMilitary Secured Network Data Transmission
Military Secured Network Data Transmission Shubham Jain 1, Umesh Dusane 2, Smita Lokhande 3, Vinod Kadam 4, Asst. Prof. Neha Jamdar 5 1University of Pune, Sinhgad Institute of Technology and Science, jains7272@gmail.com
More information